
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Error reporting &#8212; Django 2.2.12.dev20200304094918 documentation</title>
    <link rel="stylesheet" href="../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="next" title="Deployment checklist" href="deployment/checklist.html" />
    <link rel="prev" title="Deploying static files" href="static-files/deployment.html" />



 
<script type="text/javascript" src="../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../index.html">Django 2.2.12.dev20200304094918 documentation</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../index.html">Home</a>  |
        <a title="Table of contents" href="../contents.html">Table of contents</a>  |
        <a title="Global index" href="../genindex.html">Index</a>  |
        <a title="Module index" href="../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="static-files/deployment.html" title="Deploying static files">previous</a>
     |
    <a href="index.html" title="“How-to” guides" accesskey="U">up</a>
   |
    <a href="deployment/checklist.html" title="Deployment checklist">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="howto-error-reporting">
            
  <div class="section" id="s-error-reporting">
<span id="error-reporting"></span><h1>Error reporting<a class="headerlink" href="#error-reporting" title="Permalink to this headline">¶</a></h1>
<p>When you’re running a public site you should always turn off the
<a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> setting. That will make your server run much faster, and will
also prevent malicious users from seeing details of your application that can be
revealed by the error pages.</p>
<p>However, running with <a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> set to <code class="docutils literal notranslate"><span class="pre">False</span></code> means you’ll never see
errors generated by your site – everyone will just see your public error pages.
You need to keep track of errors that occur in deployed sites, so Django can be
configured to create reports with details about those errors.</p>
<div class="section" id="s-email-reports">
<span id="email-reports"></span><h2>Email reports<a class="headerlink" href="#email-reports" title="Permalink to this headline">¶</a></h2>
<div class="section" id="s-server-errors">
<span id="server-errors"></span><h3>Server errors<a class="headerlink" href="#server-errors" title="Permalink to this headline">¶</a></h3>
<p>When <a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> is <code class="docutils literal notranslate"><span class="pre">False</span></code>, Django will email the users listed in the
<a class="reference internal" href="../ref/settings.html#std:setting-ADMINS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">ADMINS</span></code></a> setting whenever your code raises an unhandled exception and
results in an internal server error (strictly speaking, for any response with
an HTTP status code of 500 or greater). This gives the administrators immediate
notification of any errors. The <a class="reference internal" href="../ref/settings.html#std:setting-ADMINS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">ADMINS</span></code></a> will get a description of the
error, a complete Python traceback, and details about the HTTP request that
caused the error.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">In order to send email, Django requires a few settings telling it
how to connect to your mail server. At the very least, you’ll need
to specify <a class="reference internal" href="../ref/settings.html#std:setting-EMAIL_HOST"><code class="xref std std-setting docutils literal notranslate"><span class="pre">EMAIL_HOST</span></code></a> and possibly
<a class="reference internal" href="../ref/settings.html#std:setting-EMAIL_HOST_USER"><code class="xref std std-setting docutils literal notranslate"><span class="pre">EMAIL_HOST_USER</span></code></a> and <a class="reference internal" href="../ref/settings.html#std:setting-EMAIL_HOST_PASSWORD"><code class="xref std std-setting docutils literal notranslate"><span class="pre">EMAIL_HOST_PASSWORD</span></code></a>,
though other settings may be also required depending on your mail
server’s configuration. Consult <a class="reference internal" href="../ref/settings.html"><span class="doc">the Django settings
documentation</span></a> for a full list of email-related
settings.</p>
</div>
<p>By default, Django will send email from <a class="reference external" href="mailto:root&#37;&#52;&#48;localhost">root<span>&#64;</span>localhost</a>. However, some mail
providers reject all email from this address. To use a different sender
address, modify the <a class="reference internal" href="../ref/settings.html#std:setting-SERVER_EMAIL"><code class="xref std std-setting docutils literal notranslate"><span class="pre">SERVER_EMAIL</span></code></a> setting.</p>
<p>To activate this behavior, put the email addresses of the recipients in the
<a class="reference internal" href="../ref/settings.html#std:setting-ADMINS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">ADMINS</span></code></a> setting.</p>
<div class="admonition seealso">
<p class="first admonition-title">See also</p>
<p class="last">Server error emails are sent using the logging framework, so you can
customize this behavior by <a class="reference internal" href="../topics/logging.html"><span class="doc">customizing your logging configuration</span></a>.</p>
</div>
</div>
<div class="section" id="s-errors">
<span id="errors"></span><h3>404 errors<a class="headerlink" href="#errors" title="Permalink to this headline">¶</a></h3>
<p>Django can also be configured to email errors about broken links (404 “page
not found” errors). Django sends emails about 404 errors when:</p>
<ul class="simple">
<li><a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> is <code class="docutils literal notranslate"><span class="pre">False</span></code>;</li>
<li>Your <a class="reference internal" href="../ref/settings.html#std:setting-MIDDLEWARE"><code class="xref std std-setting docutils literal notranslate"><span class="pre">MIDDLEWARE</span></code></a> setting includes
<a class="reference internal" href="../ref/middleware.html#django.middleware.common.BrokenLinkEmailsMiddleware" title="django.middleware.common.BrokenLinkEmailsMiddleware"><code class="xref py py-class docutils literal notranslate"><span class="pre">django.middleware.common.BrokenLinkEmailsMiddleware</span></code></a>.</li>
</ul>
<p>If those conditions are met, Django will email the users listed in the
<a class="reference internal" href="../ref/settings.html#std:setting-MANAGERS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">MANAGERS</span></code></a> setting whenever your code raises a 404 and the request has
a referer. It doesn’t bother to email for 404s that don’t have a referer –
those are usually just people typing in broken URLs or broken Web bots. It also
ignores 404s when the referer is equal to the requested URL, since this
behavior is from broken Web bots too.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last"><a class="reference internal" href="../ref/middleware.html#django.middleware.common.BrokenLinkEmailsMiddleware" title="django.middleware.common.BrokenLinkEmailsMiddleware"><code class="xref py py-class docutils literal notranslate"><span class="pre">BrokenLinkEmailsMiddleware</span></code></a> must appear
before other middleware that intercepts 404 errors, such as
<a class="reference internal" href="../ref/middleware.html#django.middleware.locale.LocaleMiddleware" title="django.middleware.locale.LocaleMiddleware"><code class="xref py py-class docutils literal notranslate"><span class="pre">LocaleMiddleware</span></code></a> or
<a class="reference internal" href="../ref/contrib/flatpages.html#django.contrib.flatpages.middleware.FlatpageFallbackMiddleware" title="django.contrib.flatpages.middleware.FlatpageFallbackMiddleware"><code class="xref py py-class docutils literal notranslate"><span class="pre">FlatpageFallbackMiddleware</span></code></a>.
Put it towards the top of your <a class="reference internal" href="../ref/settings.html#std:setting-MIDDLEWARE"><code class="xref std std-setting docutils literal notranslate"><span class="pre">MIDDLEWARE</span></code></a> setting.</p>
</div>
<p>You can tell Django to stop reporting particular 404s by tweaking the
<a class="reference internal" href="../ref/settings.html#std:setting-IGNORABLE_404_URLS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">IGNORABLE_404_URLS</span></code></a> setting. It should be a list of compiled
regular expression objects. For example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">re</span>
<span class="n">IGNORABLE_404_URLS</span> <span class="o">=</span> <span class="p">[</span>
    <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="sa">r</span><span class="s1">&#39;\.(php|cgi)$&#39;</span><span class="p">),</span>
    <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="sa">r</span><span class="s1">&#39;^/phpmyadmin/&#39;</span><span class="p">),</span>
<span class="p">]</span>
</pre></div>
</div>
<p>In this example, a 404 to any URL ending with <code class="docutils literal notranslate"><span class="pre">.php</span></code> or <code class="docutils literal notranslate"><span class="pre">.cgi</span></code> will <em>not</em> be
reported. Neither will any URL starting with <code class="docutils literal notranslate"><span class="pre">/phpmyadmin/</span></code>.</p>
<p>The following example shows how to exclude some conventional URLs that browsers and
crawlers often request:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="kn">import</span> <span class="nn">re</span>
<span class="n">IGNORABLE_404_URLS</span> <span class="o">=</span> <span class="p">[</span>
    <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="sa">r</span><span class="s1">&#39;^/apple-touch-icon.*\.png$&#39;</span><span class="p">),</span>
    <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="sa">r</span><span class="s1">&#39;^/favicon\.ico$&#39;</span><span class="p">),</span>
    <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="sa">r</span><span class="s1">&#39;^/robots\.txt$&#39;</span><span class="p">),</span>
<span class="p">]</span>
</pre></div>
</div>
<p>(Note that these are regular expressions, so we put a backslash in front of
periods to escape them.)</p>
<p>If you’d like to customize the behavior of
<a class="reference internal" href="../ref/middleware.html#django.middleware.common.BrokenLinkEmailsMiddleware" title="django.middleware.common.BrokenLinkEmailsMiddleware"><code class="xref py py-class docutils literal notranslate"><span class="pre">django.middleware.common.BrokenLinkEmailsMiddleware</span></code></a> further (for
example to ignore requests coming from web crawlers), you should subclass it
and override its methods.</p>
<div class="admonition seealso">
<p class="first admonition-title">See also</p>
<p class="last">404 errors are logged using the logging framework. By default, these log
records are ignored, but you can use them for error reporting by writing a
handler and <a class="reference internal" href="../topics/logging.html"><span class="doc">configuring logging</span></a> appropriately.</p>
</div>
</div>
</div>
<div class="section" id="s-filtering-error-reports">
<span id="s-id1"></span><span id="filtering-error-reports"></span><span id="id1"></span><h2>Filtering error reports<a class="headerlink" href="#filtering-error-reports" title="Permalink to this headline">¶</a></h2>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">Filtering sensitive data is a hard problem, and it’s nearly impossible to
guarantee that sensitive data won’t leak into an error report. Therefore,
error reports should only be available to trusted team members and you
should avoid transmitting error reports unencrypted over the Internet
(such as through email).</p>
</div>
<div class="section" id="s-filtering-sensitive-information">
<span id="filtering-sensitive-information"></span><h3>Filtering sensitive information<a class="headerlink" href="#filtering-sensitive-information" title="Permalink to this headline">¶</a></h3>
<p>Error reports are really helpful for debugging errors, so it is generally
useful to record as much relevant information about those errors as possible.
For example, by default Django records the <a class="reference external" href="https://en.wikipedia.org/wiki/Stack_trace">full traceback</a> for the
exception raised, each <a class="reference external" href="https://en.wikipedia.org/wiki/Stack_frame">traceback frame</a>’s local variables, and the
<a class="reference internal" href="../ref/request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a>’s <a class="reference internal" href="../ref/request-response.html#httprequest-attributes"><span class="std std-ref">attributes</span></a>.</p>
<p>However, sometimes certain types of information may be too sensitive and thus
may not be appropriate to be kept track of, for example a user’s password or
credit card number. So in addition to filtering out settings that appear to be
sensitive as described in the <a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> documentation, Django offers a
set of function decorators to help you control which information should be
filtered out of error reports in a production environment (that is, where
<a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> is set to <code class="docutils literal notranslate"><span class="pre">False</span></code>): <a class="reference internal" href="#django.views.decorators.debug.sensitive_variables" title="django.views.decorators.debug.sensitive_variables"><code class="xref py py-func docutils literal notranslate"><span class="pre">sensitive_variables()</span></code></a> and
<a class="reference internal" href="#django.views.decorators.debug.sensitive_post_parameters" title="django.views.decorators.debug.sensitive_post_parameters"><code class="xref py py-func docutils literal notranslate"><span class="pre">sensitive_post_parameters()</span></code></a>.</p>
<dl class="function">
<dt id="django.views.decorators.debug.sensitive_variables">
<code class="descname">sensitive_variables</code>(<em>*variables</em>)<a class="reference internal" href="../_modules/django/views/decorators/debug.html#sensitive_variables"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.views.decorators.debug.sensitive_variables" title="Permalink to this definition">¶</a></dt>
<dd><p>If a function (either a view or any regular callback) in your code uses
local variables susceptible to contain sensitive information, you may
prevent the values of those variables from being included in error reports
using the <code class="docutils literal notranslate"><span class="pre">sensitive_variables</span></code> decorator:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">django.views.decorators.debug</span> <span class="k">import</span> <span class="n">sensitive_variables</span>

<span class="nd">@sensitive_variables</span><span class="p">(</span><span class="s1">&#39;user&#39;</span><span class="p">,</span> <span class="s1">&#39;pw&#39;</span><span class="p">,</span> <span class="s1">&#39;cc&#39;</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">process_info</span><span class="p">(</span><span class="n">user</span><span class="p">):</span>
    <span class="n">pw</span> <span class="o">=</span> <span class="n">user</span><span class="o">.</span><span class="n">pass_word</span>
    <span class="n">cc</span> <span class="o">=</span> <span class="n">user</span><span class="o">.</span><span class="n">credit_card_number</span>
    <span class="n">name</span> <span class="o">=</span> <span class="n">user</span><span class="o">.</span><span class="n">name</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>In the above example, the values for the <code class="docutils literal notranslate"><span class="pre">user</span></code>, <code class="docutils literal notranslate"><span class="pre">pw</span></code> and <code class="docutils literal notranslate"><span class="pre">cc</span></code>
variables will be hidden and replaced with stars (<cite>**********</cite>) in the
error reports, whereas the value of the <code class="docutils literal notranslate"><span class="pre">name</span></code> variable will be
disclosed.</p>
<p>To systematically hide all local variables of a function from error logs,
do not provide any argument to the <code class="docutils literal notranslate"><span class="pre">sensitive_variables</span></code> decorator:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="nd">@sensitive_variables</span><span class="p">()</span>
<span class="k">def</span> <span class="nf">my_function</span><span class="p">():</span>
    <span class="o">...</span>
</pre></div>
</div>
<div class="admonition-when-using-multiple-decorators admonition">
<p class="first admonition-title">When using multiple decorators</p>
<p>If the variable you want to hide is also a function argument (e.g.
‘<code class="docutils literal notranslate"><span class="pre">user</span></code>’ in the following example), and if the decorated function has
multiple decorators, then make sure to place <code class="docutils literal notranslate"><span class="pre">&#64;sensitive_variables</span></code>
at the top of the decorator chain. This way it will also hide the
function argument as it gets passed through the other decorators:</p>
<div class="last highlight-default notranslate"><div class="highlight"><pre><span></span><span class="nd">@sensitive_variables</span><span class="p">(</span><span class="s1">&#39;user&#39;</span><span class="p">,</span> <span class="s1">&#39;pw&#39;</span><span class="p">,</span> <span class="s1">&#39;cc&#39;</span><span class="p">)</span>
<span class="nd">@some_decorator</span>
<span class="nd">@another_decorator</span>
<span class="k">def</span> <span class="nf">process_info</span><span class="p">(</span><span class="n">user</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
</div>
</dd></dl>

<dl class="function">
<dt id="django.views.decorators.debug.sensitive_post_parameters">
<code class="descname">sensitive_post_parameters</code>(<em>*parameters</em>)<a class="reference internal" href="../_modules/django/views/decorators/debug.html#sensitive_post_parameters"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.views.decorators.debug.sensitive_post_parameters" title="Permalink to this definition">¶</a></dt>
<dd><p>If one of your views receives an <a class="reference internal" href="../ref/request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> object
with <a class="reference internal" href="../ref/request-response.html#django.http.HttpRequest.POST" title="django.http.HttpRequest.POST"><code class="xref py py-attr docutils literal notranslate"><span class="pre">POST</span> <span class="pre">parameters</span></code></a> susceptible to
contain sensitive information, you may prevent the values of those
parameters from being included in the error reports using the
<code class="docutils literal notranslate"><span class="pre">sensitive_post_parameters</span></code> decorator:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">django.views.decorators.debug</span> <span class="k">import</span> <span class="n">sensitive_post_parameters</span>

<span class="nd">@sensitive_post_parameters</span><span class="p">(</span><span class="s1">&#39;pass_word&#39;</span><span class="p">,</span> <span class="s1">&#39;credit_card_number&#39;</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">record_user_profile</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="n">UserProfile</span><span class="o">.</span><span class="n">create</span><span class="p">(</span>
        <span class="n">user</span><span class="o">=</span><span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="p">,</span>
        <span class="n">password</span><span class="o">=</span><span class="n">request</span><span class="o">.</span><span class="n">POST</span><span class="p">[</span><span class="s1">&#39;pass_word&#39;</span><span class="p">],</span>
        <span class="n">credit_card</span><span class="o">=</span><span class="n">request</span><span class="o">.</span><span class="n">POST</span><span class="p">[</span><span class="s1">&#39;credit_card_number&#39;</span><span class="p">],</span>
        <span class="n">name</span><span class="o">=</span><span class="n">request</span><span class="o">.</span><span class="n">POST</span><span class="p">[</span><span class="s1">&#39;name&#39;</span><span class="p">],</span>
    <span class="p">)</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>In the above example, the values for the <code class="docutils literal notranslate"><span class="pre">pass_word</span></code> and
<code class="docutils literal notranslate"><span class="pre">credit_card_number</span></code> POST parameters will be hidden and replaced with
stars (<cite>**********</cite>) in the request’s representation inside the error
reports, whereas the value of the <code class="docutils literal notranslate"><span class="pre">name</span></code> parameter will be disclosed.</p>
<p>To systematically hide all POST parameters of a request in error reports,
do not provide any argument to the <code class="docutils literal notranslate"><span class="pre">sensitive_post_parameters</span></code> decorator:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="nd">@sensitive_post_parameters</span><span class="p">()</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>All POST parameters are systematically filtered out of error reports for
certain <a class="reference internal" href="../topics/auth/default.html#module-django.contrib.auth.views" title="django.contrib.auth.views"><code class="xref py py-mod docutils literal notranslate"><span class="pre">django.contrib.auth.views</span></code></a> views (<code class="docutils literal notranslate"><span class="pre">login</span></code>,
<code class="docutils literal notranslate"><span class="pre">password_reset_confirm</span></code>, <code class="docutils literal notranslate"><span class="pre">password_change</span></code>, and <code class="docutils literal notranslate"><span class="pre">add_view</span></code> and
<code class="docutils literal notranslate"><span class="pre">user_change_password</span></code> in the <code class="docutils literal notranslate"><span class="pre">auth</span></code> admin) to prevent the leaking of
sensitive information such as user passwords.</p>
</dd></dl>

</div>
<div class="section" id="s-custom-error-reports">
<span id="s-id2"></span><span id="custom-error-reports"></span><span id="id2"></span><h3>Custom error reports<a class="headerlink" href="#custom-error-reports" title="Permalink to this headline">¶</a></h3>
<p>All <a class="reference internal" href="#django.views.decorators.debug.sensitive_variables" title="django.views.decorators.debug.sensitive_variables"><code class="xref py py-func docutils literal notranslate"><span class="pre">sensitive_variables()</span></code></a> and <a class="reference internal" href="#django.views.decorators.debug.sensitive_post_parameters" title="django.views.decorators.debug.sensitive_post_parameters"><code class="xref py py-func docutils literal notranslate"><span class="pre">sensitive_post_parameters()</span></code></a> do is,
respectively, annotate the decorated function with the names of sensitive
variables and annotate the <code class="docutils literal notranslate"><span class="pre">HttpRequest</span></code> object with the names of sensitive
POST parameters, so that this sensitive information can later be filtered out
of reports when an error occurs. The actual filtering is done by Django’s
default error reporter filter:
<a class="reference internal" href="#django.views.debug.SafeExceptionReporterFilter" title="django.views.debug.SafeExceptionReporterFilter"><code class="xref py py-class docutils literal notranslate"><span class="pre">django.views.debug.SafeExceptionReporterFilter</span></code></a>. This filter uses the
decorators’ annotations to replace the corresponding values with stars
(<cite>**********</cite>) when the error reports are produced. If you wish to override or
customize this default behavior for your entire site, you need to define your
own filter class and tell Django to use it via the
<a class="reference internal" href="../ref/settings.html#std:setting-DEFAULT_EXCEPTION_REPORTER_FILTER"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEFAULT_EXCEPTION_REPORTER_FILTER</span></code></a> setting:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">DEFAULT_EXCEPTION_REPORTER_FILTER</span> <span class="o">=</span> <span class="s1">&#39;path.to.your.CustomExceptionReporterFilter&#39;</span>
</pre></div>
</div>
<p>You may also control in a more granular way which filter to use within any
given view by setting the <code class="docutils literal notranslate"><span class="pre">HttpRequest</span></code>’s <code class="docutils literal notranslate"><span class="pre">exception_reporter_filter</span></code>
attribute:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="o">.</span><span class="n">is_authenticated</span><span class="p">:</span>
        <span class="n">request</span><span class="o">.</span><span class="n">exception_reporter_filter</span> <span class="o">=</span> <span class="n">CustomExceptionReporterFilter</span><span class="p">()</span>
    <span class="o">...</span>
</pre></div>
</div>
<p>Your custom filter class needs to inherit from
<a class="reference internal" href="#django.views.debug.SafeExceptionReporterFilter" title="django.views.debug.SafeExceptionReporterFilter"><code class="xref py py-class docutils literal notranslate"><span class="pre">django.views.debug.SafeExceptionReporterFilter</span></code></a> and may override the
following methods:</p>
<dl class="class">
<dt id="django.views.debug.SafeExceptionReporterFilter">
<em class="property">class </em><code class="descname">SafeExceptionReporterFilter</code><a class="reference internal" href="../_modules/django/views/debug.html#SafeExceptionReporterFilter"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.views.debug.SafeExceptionReporterFilter" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<dl class="method">
<dt id="django.views.debug.SafeExceptionReporterFilter.is_active">
<code class="descclassname">SafeExceptionReporterFilter.</code><code class="descname">is_active</code>(<em>request</em>)<a class="reference internal" href="../_modules/django/views/debug.html#SafeExceptionReporterFilter.is_active"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.views.debug.SafeExceptionReporterFilter.is_active" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns <code class="docutils literal notranslate"><span class="pre">True</span></code> to activate the filtering operated in the other methods.
By default the filter is active if <a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> is <code class="docutils literal notranslate"><span class="pre">False</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.views.debug.SafeExceptionReporterFilter.get_post_parameters">
<code class="descclassname">SafeExceptionReporterFilter.</code><code class="descname">get_post_parameters</code>(<em>request</em>)<a class="reference internal" href="../_modules/django/views/debug.html#SafeExceptionReporterFilter.get_post_parameters"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.views.debug.SafeExceptionReporterFilter.get_post_parameters" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the filtered dictionary of POST parameters. By default it replaces
the values of sensitive parameters with stars (<cite>**********</cite>).</p>
</dd></dl>

<dl class="method">
<dt id="django.views.debug.SafeExceptionReporterFilter.get_traceback_frame_variables">
<code class="descclassname">SafeExceptionReporterFilter.</code><code class="descname">get_traceback_frame_variables</code>(<em>request</em>, <em>tb_frame</em>)<a class="reference internal" href="../_modules/django/views/debug.html#SafeExceptionReporterFilter.get_traceback_frame_variables"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.views.debug.SafeExceptionReporterFilter.get_traceback_frame_variables" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the filtered dictionary of local variables for the given traceback
frame. By default it replaces the values of sensitive variables with stars
(<cite>**********</cite>).</p>
</dd></dl>

<div class="admonition seealso">
<p class="first admonition-title">See also</p>
<p class="last">You can also set up custom error reporting by writing a custom piece of
<a class="reference internal" href="../topics/http/middleware.html#exception-middleware"><span class="std std-ref">exception middleware</span></a>. If you do write custom
error handling, it’s a good idea to emulate Django’s built-in error handling
and only report/log errors if <a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> is <code class="docutils literal notranslate"><span class="pre">False</span></code>.</p>
</div>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../contents.html">Table of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Error reporting</a><ul>
<li><a class="reference internal" href="#email-reports">Email reports</a><ul>
<li><a class="reference internal" href="#server-errors">Server errors</a></li>
<li><a class="reference internal" href="#errors">404 errors</a></li>
</ul>
</li>
<li><a class="reference internal" href="#filtering-error-reports">Filtering error reports</a><ul>
<li><a class="reference internal" href="#filtering-sensitive-information">Filtering sensitive information</a></li>
<li><a class="reference internal" href="#custom-error-reports">Custom error reports</a></li>
</ul>
</li>
</ul>
</li>
</ul>

  <h4>Previous topic</h4>
  <p class="topless"><a href="static-files/deployment.html"
                        title="previous chapter">Deploying static files</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="deployment/checklist.html"
                        title="next chapter">Deployment checklist</a></p>
  <div role="note" aria-label="source link">
    <h3>This Page</h3>
    <ul class="this-page-menu">
      <li><a href="../_sources/howto/error-reporting.txt"
            rel="nofollow">Show Source</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Mar 04, 2020</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="static-files/deployment.html" title="Deploying static files">previous</a>
     |
    <a href="index.html" title="“How-to” guides" accesskey="U">up</a>
   |
    <a href="deployment/checklist.html" title="Deployment checklist">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>